Skills
skills/1nfsh-s3/skills/product-hunt-launch/Gen Agent Trust Hub

product-hunt-launch

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill uses curl -fsSL https://cli.inference.sh | sh for installation, which is a highly insecure pattern that executes unverified code from an untrusted domain directly in the shell.
  • EXTERNAL_DOWNLOADS (HIGH): The skill relies on binaries and dependencies from inference.sh, which is not a trusted source according to security guidelines.
  • COMMAND_EXECUTION (HIGH): The skill leverages the Bash tool to execute commands through the infsh CLI. When combined with the insecure installation method, this provides a direct path for full system compromise.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the web. 1. Ingestion points: Results from tavily/search-assistant and exa/search in SKILL.md. 2. Boundary markers: Absent; no delimiters or warnings are used to prevent the agent from following instructions embedded in the search results. 3. Capability inventory: The Bash tool (via infsh) allows for network operations and command execution. 4. Sanitization: Absent; external data is processed directly without validation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 08:14 PM